CVE-2013-0270
Keystone: Large HTTP request DoS
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. A flaw was found in the way Keystone handled tenant names in token requests. A request containing an excessively long tenant name could cause Keystone to consume a large amount of CPU and memory. With this update, the maximum HTTP request size is limited to 112k. This can be changed via the "max_request_body_size" option in "/etc/keystone/keystone.conf".
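The fix described above is a request-body size cap in front of the token endpoint. The following is an added illustration of that mitigation pattern, written for this page and not taken from Keystone's code: a small WSGI middleware that rejects a request whose body exceeds a configured limit, either from its declared Content-Length or, when no length is declared, by never buffering more than the limit from the input stream. The `token_app` stand-in, the `tenant_name` JSON layout, the `/v2.0/tokens` path and the 114688-byte default (112 KiB, assumed to be what the advisory's "112k" means) are all constructed for the example.

```python
"""Illustrative request-body size limit for a WSGI token endpoint.

Added example, not Keystone's own middleware. It models the mitigation the
advisory describes: a fixed upper bound on the HTTP request body so that an
oversized field (for instance a very long tenant name) is refused before it
is parsed and before it can drive CPU or memory consumption.
"""
import io
import json

# Assumed default: 112 KiB, matching the "112k" limit mentioned in the advisory.
DEFAULT_MAX_REQUEST_BODY_SIZE = 112 * 1024


class RequestBodySizeLimiter:
    """WSGI middleware that refuses request bodies larger than a fixed limit."""

    def __init__(self, app, max_request_body_size=DEFAULT_MAX_REQUEST_BODY_SIZE):
        self.app = app
        self.limit = max_request_body_size

    def __call__(self, environ, start_response):
        declared = environ.get("CONTENT_LENGTH")
        if declared:
            # Cheap path: a compliant server exposes at most CONTENT_LENGTH
            # bytes, so an over-limit declaration can be refused unread.
            try:
                declared = int(declared)
            except ValueError:
                return self._reject(start_response, "400 Bad Request")
            if declared > self.limit:
                return self._reject(start_response, "413 Request Entity Too Large")
        else:
            # No Content-Length (e.g. chunked transfer): read at most limit+1
            # bytes so the body is never buffered in full before the check.
            data = environ["wsgi.input"].read(self.limit + 1)
            if len(data) > self.limit:
                return self._reject(start_response, "413 Request Entity Too Large")
            environ["wsgi.input"] = io.BytesIO(data)
            environ["CONTENT_LENGTH"] = str(len(data))
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status):
        body = (status + "\n").encode("utf-8")
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]


def token_app(environ, start_response):
    """Constructed stand-in for a token endpoint: parses JSON with a tenant_name."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    raw = environ["wsgi.input"].read(length)
    try:
        tenant = json.loads(raw.decode("utf-8"))["auth"]["tenant_name"]
    except (ValueError, KeyError, TypeError):
        return RequestBodySizeLimiter._reject(start_response, "400 Bad Request")
    body = json.dumps({"tenant_name_length": len(tenant)}).encode("utf-8")
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, body, declare_length=True):
    """Drive a WSGI app with a constructed POST and return (status, response body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    environ = {
        "REQUEST_METHOD": "POST",
        "PATH_INFO": "/v2.0/tokens",          # constructed path for the example
        "CONTENT_TYPE": "application/json",
        "wsgi.input": io.BytesIO(body),
    }
    if declare_length:
        environ["CONTENT_LENGTH"] = str(len(body))
    response = b"".join(app(environ, start_response))
    return seen["status"], response


# Constructed sample requests: a normal one and one with an oversized tenant_name.
SMALL_REQUEST = json.dumps({"auth": {"tenant_name": "demo"}}).encode("utf-8")
OVERSIZED_REQUEST = json.dumps({"auth": {"tenant_name": "A" * 5000}}).encode("utf-8")

# A deliberately small limit (1 KiB) so the sample requests exercise both paths.
guarded_app = RequestBodySizeLimiter(token_app, max_request_body_size=1024)

if __name__ == "__main__":
    for name, body in (("small", SMALL_REQUEST), ("oversized", OVERSIZED_REQUEST)):
        print(name, "declared:", call(guarded_app, body)[0])
        print(name, "undeclared:", call(guarded_app, body, declare_length=False)[0])
```

The declared-length branch is the one that matters operationally: it turns an over-limit request away without reading it, so the cost to the server is bounded regardless of what the client sends. The undeclared branch exists because an attacker controls the headers; omitting Content-Length must not bypass the check, which is why the stream is read only up to the limit plus one byte.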
CVSS Scores
SSVC
- Decision: -
Timeline
- 2012-12-06 CVE Reserved
- 2013-04-05 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
URL | Tag | Source
---|---|---
https://bugs.launchpad.net/keystone/+bug/1099025 | Third Party Advisory |
https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8 | Third Party Advisory |
https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc | Third Party Advisory |

URL | Date | SRC
---|---|---
https://launchpad.net/keystone/grizzly/2013.1 | 2018-11-16 |

URL | Date | SRC
---|---|---
http://rhn.redhat.com/errata/RHSA-2013-0708.html | 2018-11-16 |
https://bugzilla.redhat.com/show_bug.cgi?id=909012 | 2013-04-04 |
https://access.redhat.com/security/cve/CVE-2013-0270 | 2013-04-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Openstack | Keystone | >= 2012.1 <= 2012.1.3 | - | Affected
Openstack | Keystone | >= 2012.2 <= 2012.2.4 | - | Affected
Openstack | Keystone | 2013.1 | milestone1 | Affected
Openstack | Keystone | 2013.1 | milestone2 | Affected
Openstack | Keystone | 2013.1 | milestone3 | Affected